Hello @Volodymyr Hryhoriev ,
MSAL implements the OAuth 2.0 and OpenID Connect protocols, and does not support SAML 2.0.
The general strategy is to add the OIDC/OAuth stack to your app. With your app that implements both standards, you can use a session cookie. You aren't exchanging a token explicitly. You're logging a user in with SAML, which generates a session cookie. When the Graph API invokes an OAuth flow, you use the session cookie to authenticate. This strategy assumes the Conditional Access checks pass and the user is authorized.
The recommended library for adding OIDC/OAuth behavior is the Microsoft Authentication Library (MSAL). Ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-token-exchange-saml-oauth#scenario-you-have-a-saml-token-and-want-to-call-the-graph-api
Let me know if you have any queries in the comments section.
Thanks,
Akshay Kaushik
Please "Accept the answer" and "Upvote" if the suggestion works as per your business need. This will help us and others in the community as well.
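
Added example, not part of the answer above and not MSAL code: a standard-library Python sketch of the authorization-code request (with PKCE) that an OIDC/OAuth library sends to the Microsoft identity platform, and of how the callback can be classified when the existing sign-in session is or is not sufficient. The tenant, client ID and redirect URI are constructed placeholders, and using `prompt=none` to rely on the existing session is an assumption of this example.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders: substitute your own tenant and app registration.
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example/auth/callback"
AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
# Errors that mean "the session alone was not enough, fall back to interactive sign-in".
NEEDS_UI = {"login_required", "interaction_required", "consent_required"}

def build_silent_request():
    """Return (url, state, code_verifier) for an authorization-code + PKCE request."""
    state = secrets.token_urlsafe(16)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # PKCE secret, kept server-side until redemption
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid https://graph.microsoft.com/User.Read",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "prompt": "none",  # assumption: use the existing session, never show UI
    }
    return f"{AUTHORIZE}?{urlencode(params)}", state, verifier

def handle_callback(callback_url, expected_state):
    """Classify the redirect as ('code', value), ('interactive', error) or ('reject', reason)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Constant-time state comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(q.get("state", "").encode(), expected_state.encode()):
        return ("reject", "state_mismatch")
    if "code" in q:
        return ("code", q["code"])
    if q.get("error") in NEEDS_UI:
        return ("interactive", q["error"])  # e.g. Conditional Access demands a prompt
    return ("reject", q.get("error", "missing_code"))
```

The `('interactive', ...)` outcome is the case where the strategy's assumption (Conditional Access passes and the user is authorized) does not hold, so the app must start a normal interactive sign-in instead of retrying silently.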